A Call to Arms: Protecting Minors from Child Identity Theft

With as many as one million children falling prey to identity theft each year, it’s time for parents and industry to take action.

Photo by Damir Spanic on Unsplash

Parents denied stimulus check benefits discover an identity thief is using their 2-year-old son’s Social Security number. A 20-year-old college student applying for financial aid learns she has 15 fraudulent credit accounts, the earliest opened when she was just 7. A single mother uncovers a four-year work and earnings history attached to her 12-year-old daughter’s Social Security number.

These are but three frauds reported to the Identity Theft Resource Center (ITRC) in recent months. Each illustrates a pervasive, yet largely invisible, problem plaguing our children to the tune of billions of dollars each year. The problem is child identity theft, and it strikes children of all ages, some even before they’ve taken their first breaths.

Child victims of an “adult” crime

According to a 2018 study by Javelin Strategy & Research, more than one million U.S. children fell victim to identity theft in 2017, with fraud losses totaling $2.67 billion. The study further determined that more than 2/3 of child victims were age 7 or younger, while 20 percent were in the range of 8 to 12 years old.

Victims and families who contact the ITRC for help are often in disbelief. How can so many kids fall prey to a crime widely perceived to affect only adults?

Sometimes identity theft happens at hands of someone known to the parents or minor. But frequently the answer lies in the massive and burgeoning stores of data collected by nearly every company and organization with which we interact. The seemingly insurmountable vulnerability of that data puts everyone at risk.

The problem with data

Data breaches happen with stunning regularity. Mega breaches involving mega brands like Facebook, Equifax and Marriott Hotels have stolen headlines in recent years. But for every large-scale breach that dominates the news cycle, dozens more less significant fly largely under the radar.

In 2019, data breaches exposed 15.1 billion records, many of them personal or highly sensitive. Also last year, U.S. K-12 public school districts and education agencies were victim to 348 data breaches, according to the K-12 Cybersecurity Resource Center. The ITRC’s Data Breach Report documented 2.3 million students’ data exposed in education data breaches in 2019.

Such breaches give fraudsters access to personally identifiable information (PII) like Social Security numbers (SSNs), birthdates, phone numbers and addresses, health insurance and Medicaid information, and much more. The commoditization of misappropriated data on the dark web makes it easier than ever for criminals to both steal identities and concoct convincing fake ones (a scheme known as synthetic identity fraud).

Compounding matters is the fact a child’s identity credentials are far more valuable than those belonging to an adult. This is due to simple longevity. With the acquisition of a child’s identity hallmarks, criminals inherit a clean slate to abuse at their leisure. They take out loans, run up (and skip out on) credit card debt, obtain medical care and public benefits, and even file fraudulent tax returns.

The misuse of a child’s identity can easily span years, sometimes a decade or more. Cases often go undetected until the minor comes of age and applies for a loan, credit line or financial aid. By that time, the fraudster has long since vanished, leaving a credit score in ruin. The victim inherits the aftermath: months or years of blood, sweat and tears — and hundreds to thousands of dollars in out-of-pocket expenses — to clean up the mess.

Take action

We as parents spend untold hours fretting over the dangers that could befall our children out in the world. Seldom do we consider what threats might lurk under the safety of our own roofs. Yet our connected devices bring potential risks into our homes every day.

The thought is apt to provoke sleepless nights — but parents shouldn’t worry. They should take action. First and foremost, freeze your child’s credit. This is the most important action parents can take to protect their children from identity thieves. It’s free, relatively easy — and guaranteed to be far less burdensome than remedying a fraud case after the fact. Learn how at idtheftcenter.org/childIDtheft.

Having taken that first critical step, families should also become more risk aware.

  • Watch for red flags. Official or business mail bearing a minor’s name (e.g., IRS notice, pre-approved credit card offer, jury summons or medical bill) or a minor receiving collections or sales calls are potential indicators of child identity theft. Don’t assume it’s an innocent error. Parents should immediately investigate red flags to rule out something more sinister.
  • Secure sensitive documents. Families should consider a bank box or fireproof, locked safe at home to store documents like birth certificates, Social Security cards, passports, etc.
  • Don’t divulge sensitive information unless required. If a form requests a SSN or other sensitive PII, don’t be afraid to clarify whether it’s actually mandated. Parents (and consumers more broadly) should refrain from divulging such information unnecessarily.
  • Have “the talk.” Parents should have routine, age-appropriate conversations with their kids about what it means to share information online and in-person — and why it’s best to keep certain information private. These discussions should include internet, smartphone and email safety topics.

Security and the digital identity mandate

Even as parents take steps to protect their children, industry has an equally critical role to play. After all, it is the businesses and organizations themselves that wield the greatest power to prevent data breaches and thwart identity thieves before they’ve had a chance to steal. They can start with:

  • Assessing risks — Organizations must first understand where their sensitive information is and who has access to it. Only then can they determine how to best secure it.
  • Safeguarding customer data — Strengthening protection doesn’t mean more authentication. It means strongerauthentication. Organizations should invest in flexible, AI- and machine learning-driven systems that can swiftly detect and rebuff ever-changing fraud schemes and security threats.
  • Education — Proactive organizations teach their customers how spot and report the hallmarks of fraud. Risk-aware customers offer great frontline defense — and they appreciate businesses that prioritize consumer protection.

Strength in collaboration

Child identity crime is a widespread issue exacerbated by today’s digital, always-connected culture. Greater volumes of data are collected than at any time in history. This data fuels amazing innovations that have transformed our lives, but fallen into the wrong hands, data can expose us to serious exploitation.

No single person or entity can solve the child identity theft crisis alone. It will take collective action by many — individuals; government agencies; financial institutions and businesses across sectors; support and advocacy organizations like the ITRC and more.

For families, don’t wait. Take steps today to avoid falling victim. For industry, data and technology can help determine digital identity with greater certainty than ever before. Organizations and businesses need only leverage them. Acting in unison, we can stop fraudsters in their tracks.

Eva Velasquez is President and CEO, Identity Theft Resource Center (ITRC). Brooke Fortson is ITRC Board Member and Sr. Manager of Global Product Marketing, SAS.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store